Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / openbmc-test-automation / 7d7bae32045a0d5ed195446f637091284d5a2e00 / . / redfish / managers / test_certificate.robot
blob: b32e15b04ae935c2cf8e0bcd255cdeafe9b2c34a [file] [log] [blame]
Rahul Maheshwarib4b8bb62019-03-04 23:56:10 -0600[diff] [blame]1*** Settings ***
2Documentation Test certificate in OpenBMC.
3
4Resource ../../lib/resource.robot
5Resource ../../lib/bmc_redfish_resource.robot
6Resource ../../lib/openbmc_ffdc.robot
7Resource ../../lib/certificate_utils.robot
8
9Suite Setup Suite Setup Execution
10Test Teardown Test Teardown Execution
11
12
13** Test Cases **
14
15Verify Server Certificate Replace
16 [Documentation] Verify server certificate replace.
17 [Tags] Verify_Server_Certificate_Replace
18 [Template] Replace Certificate Via Redfish
19
20 # cert_type cert_format expected_status
21 Server Valid Certificate Valid Privatekey ok
22 Server Empty Certificate Valid Privatekey error
23 Server Valid Certificate Empty Privatekey error
24 Server Empty Certificate Empty Privatekey error
25 Server Expired Certificate error
26
27
28Verify Client Certificate Replace
29 [Documentation] Verify client certificate replace.
30 [Tags] Verify_Client_Certificate_Replace
31 [Template] Replace Certificate Via Redfish
32
33 # cert_type cert_format expected_status
34 Client Valid Certificate Valid Privatekey ok
35 Client Empty Certificate Valid Privatekey error
36 Client Valid Certificate Empty Privatekey error
37 Client Empty Certificate Empty Privatekey error
38 Client Expired Certificate error
39
40
Rahul Maheshwari037a3432019-05-23 00:55:40 -0500[diff] [blame]41Verify Client Certificate Install
42 [Documentation] Verify client certificate install.
43 [Tags] Verify_Client_Certificate_Install
44 [Template] Test Client Certificate Install Via Redfish
45
46 # cert_format expected_status
47 Valid Certificate Valid Privatekey ok
48 Empty Certificate Valid Privatekey error
49 Valid Certificate Empty Privatekey error
50 Empty Certificate Empty Privatekey error
51
52
Rahul Maheshwarifa95b092019-05-22 05:10:59 -0500[diff] [blame]53Verify Server Certificate View Via Openssl
54 [Documentation] Verify server certificate via openssl command.
55 [Tags] Verify_Server_Certificate_View_Via_Openssl
56
57 redfish.Login
58
59 ${cert_file_path}= Generate Certificate File Via Openssl Valid Certificate Valid Privatekey
60 ${file_data}= OperatingSystem.Get Binary File ${cert_file_path}
61
62 ${certificate_dict}= Create Dictionary
63 ... @odata.id=/redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/1
64 ${payload}= Create Dictionary CertificateString=${file_data}
65 ... CertificateType=PEM CertificateUri=${certificate_dict}
66
67 ${resp}= redfish.Post /redfish/v1/CertificateService/Actions/CertificateService.ReplaceCertificate
68 ... body=${payload}
69
70 Wait Until Keyword Succeeds 2 mins 15 secs Verify Certificate Visible Via OpenSSL ${cert_file_path}
71
72
Rahul Maheshwarib4b8bb62019-03-04 23:56:10 -0600[diff] [blame]73*** Keywords ***
74
Rahul Maheshwari037a3432019-05-23 00:55:40 -0500[diff] [blame]75Test Client Certificate Install Via Redfish
76 [Documentation] Test client certificate install in the BMC via Redfish.
77 [Arguments] ${cert_format} ${expected_status}
78
79 # Description of argument(s):
80 # cert_format Certificate file format
81 # (e.g. "Valid_Certificate_Valid_Privatekey").
82 # expected_status Expected status of certificate replace Redfish
83 # request (i.e. "ok" or "error").
84
Rahul Maheshwaria5b17672019-05-30 11:08:30 -0500[diff] [blame]85 Delete Client Certificate Via BMC CLI
Rahul Maheshwari037a3432019-05-23 00:55:40 -0500[diff] [blame]86 # Adding delay after certificate deletion.
87 Sleep 15s
88
89 redfish.Login
90 ${time}= Set Variable If '${cert_format}' == 'Expired Certificate' -10 365
91 ${cert_file_path}= Generate Certificate File Via Openssl ${cert_format} ${time}
92 ${file_data}= OperatingSystem.Get Binary File ${cert_file_path}
93
94 Install Client Certificate File On BMC ${REDFISH_LDAP_CERTIFICATE_URI}
95 ... ${expected_status} data=${file_data}
96
97 # Adding delay after certificate installation.
98 Sleep 15s
99
100 ${cert_file_content}= OperatingSystem.Get File ${cert_file_path}
101 ${bmc_cert_content}= Run Keyword If '${expected_status}' == 'ok' redfish_utils.Get Attribute
102 ... ${REDFISH_LDAP_CERTIFICATE_URI}/1 CertificateString
103
104 Run Keyword If '${expected_status}' == 'ok' Should Contain ${cert_file_content} ${bmc_cert_content}
105
106
107Install Client Certificate File On BMC
108 [Documentation] Install certificate file in BMC using POST operation.
109 [Arguments] ${uri} ${status}=ok &{kwargs}
110
111 # Description of argument(s):
112 # uri URI for installing certificate file via REST
113 # e.g. "/xyz/openbmc_project/certs/server/https".
114 # status Expected status of certificate installation via REST
115 # e.g. error, ok.
116 # kwargs A dictionary of keys/values to be passed directly to
117 # POST Request.
118
119 Initialize OpenBMC quiet=${quiet}
120
121 ${headers}= Create Dictionary Content-Type=application/octet-stream
122 ... X-Auth-Token=${XAUTH_TOKEN}
123 Set To Dictionary ${kwargs} headers ${headers}
124
125 ${ret}= Post Request openbmc ${uri} &{kwargs}
126
127 Run Keyword If '${status}' == 'ok'
128 ... Should Be Equal As Strings ${ret.status_code} ${HTTP_OK}
129 ... ELSE IF '${status}' == 'error'
130 ... Should Be Equal As Strings ${ret.status_code} ${HTTP_INTERNAL_SERVER_ERROR}
131
132 Delete All Sessions
133
134
Rahul Maheshwarib4b8bb62019-03-04 23:56:10 -0600[diff] [blame]135Replace Certificate Via Redfish
136 [Documentation] Test 'replace certificate' operation in the BMC via Redfish.
137 [Arguments] ${cert_type} ${cert_format} ${expected_status}
138
139 # Description of argument(s):
140 # cert_type Certificate type (e.g. "Server" or "Client").
141 # cert_format Certificate file format
142 # (e.g. Valid_Certificate_Valid_Privatekey).
143 # expected_status Expected status of certificate replace Redfish
144 # request (i.e. "ok" or "error").
145
146 redfish.Login
147
148 ${time}= Set Variable If '${cert_format}' == 'Expired Certificate' -10 365
149 ${cert_file_path}= Generate Certificate File Via Openssl ${cert_format} ${time}
150
151 ${file_data}= OperatingSystem.Get Binary File ${cert_file_path}
152
153 ${certificate_uri}= Set Variable If '${cert_type}' == 'Server'
154 ... /redfish/v1/Managers/bmc/NetworkProtocol/HTTPS/Certificates/1
155 ... /redfish/v1/AccountService/LDAP/Certificates/1
156
157 ${certificate_dict}= Create Dictionary @odata.id=${certificate_uri}
158 ${payload}= Create Dictionary CertificateString=${file_data}
159 ... CertificateType=PEM CertificateUri=${certificate_dict}
160 ${resp}= redfish.Post CertificateService/Actions/CertificateService.ReplaceCertificate
161 ... body=${payload}
162
163 ${cert_file_content}= OperatingSystem.Get File ${cert_file_path}
164 ${bmc_cert_content}= redfish_utils.Get Attribute ${certificate_uri} CertificateString
165
166 Run Keyword If '${expected_status}' == 'ok'
167 ... Should Contain ${cert_file_content} ${bmc_cert_content}
168 ... ELSE
169 ... Should Not Contain ${cert_file_content} ${bmc_cert_content}
170
171
Rahul Maheshwarifa95b092019-05-22 05:10:59 -0500[diff] [blame]172Verify Certificate Visible Via OpenSSL
173 [Documentation] Checks if given certificate is visible via openssl's showcert command.
174 [Arguments] ${cert_file_path}
175
176 # Description of argument(s):
177 # cert_file_path Certificate file path.
178
179 ${cert_file_content}= OperatingSystem.Get File ${cert_file_path}
180 ${openssl_cert_content}= Get Certificate Content From BMC Via Openssl
181 Should Contain ${cert_file_content} ${openssl_cert_content}
182
183
Rahul Maheshwaria5b17672019-05-30 11:08:30 -0500[diff] [blame]184Delete Client Certificate Via BMC CLI
185 [Documentation] Delete client certificate via BMC CLI.
186
187 ${file_status} ${stderr} ${rc}= BMC Execute Command
188 ... [ -f /etc/nslcd/certs/cert.pem ] && echo "Found" || echo "Not Found"
189
190 Run Keyword If "${file_status}" == "Found"
191 ... Run Keywords BMC Execute Command rm /etc/nslcd/certs/cert.pem AND
192 ... BMC Execute Command systemctl restart phosphor-certificate-manager@nslcd.service
193
194
Rahul Maheshwarib4b8bb62019-03-04 23:56:10 -0600[diff] [blame]195Suite Setup Execution
196 [Documentation] Do suite setup tasks.
197
198 # Create certificate sub-directory in current working directory.
199 Create Directory certificate_dir
200
201
202Test Teardown Execution
203 [Documentation] Do the post test teardown.
204
205 FFDC On Test Case Fail
206 redfish.Logout
207